I’m an engineering manager in privacy engineering, part of a security org. I’m based out of Toronto now, but I used to be in SFBay.
I also sometimes do video games, cook, or art, but these days have been playing a lot of accordion.
I am fairly flexible on the tech stack, having experience in the following:
- writing/modifying Linux drivers (mac80211 to measure channel switching speeds)
- writing operating system core software (poked at TSS stack on chromeos)
- writing highly reliable backend services (Java payments/PKI stack)
- machine learning research (custom classifiers in C)
- scaling data pipelines (AWS EMR)
- web/frontend development (React)
- administering Linux servers/systems
I am an engineering manager right now, so I also have experience in the following:
- managing junior and senior engineers so far with a max of 7 reports
- coaching and career growth towards subsequent promotions
- creating, evaluating, and updating interview panels and rubrics
- interviewing interns, newgrads, senior engineers, consultants, project managers, engineering managers, and directors (to date I have conducted at least 200+ interviews)
- developing long-term engineering/technical strategy and roadmap
- developing, evaluating, and improving team and organizational processes
- organizing and running sprints, standups, team meetings, hackweeks, operational reviews, OKRs, etc.
- fostering cross-team collaborations across platform, product, and legal teams, etc.
- spreadsheets (primarily google sheets with google apps scripts)
I have random other skills/knowledge that are specifically relevant to security sometimes:
- vendor security assessments (including reading through SOC2 and PCI reports)
- PCI PIN management (key manager overseeing key provisioning + audits)
- some minor exploits (including participating in CTFs)
- administering PKIs with HSMs (ncipher native and PKCS11, payshield)
- incident response and postmortems
I also love conferences and meetups:
- I have experience organizing 100-150-person LAN party events (including handling sponsors and marketing)
- I have experience recruiting, managing, and supervising 200-300 volunteers at 2200+-participant security cons (BSidesSF)
- I ran a 300-person workshop on how to get involved in CTFs that was well received (Grace Hopper)
- I have given some talks (including Grace Hopper and USENIX Enigma)
- I frequently am in the role of MC/organizer of small events (company-internal meetups)
I still have mild research interests related to privacy and text analysis (NLP). I used to do location privacy and stylometry research (sorry, I wasn’t good enough to get papers published).
I may be reached at s at shh dot sh . My GPG Key is 1BE6 766C DC52 439A 5722 DCA2 BDE4 3806 8A2B D353.
You can also interact with me on Twitter.